Issue
When trying to filter results in Red Canary, the date filters just are not working at all. This is happening on the Endpoints page as well as on Threats when trying to filter for threats between Dec 10, 2020 and May 10, 2021.
My filter syntax is:
2020-12-10..2021-05-10
... but I am continuously getting 0 results even though I can see there are threats that were published in this timeframe.
Environment
Red Canary
Resolution
For date searches, an attribute filter should be used to yield the best results.
For instance, filter against the attribute published_at. In this case, the filter below would work:
published_at:2020-12-10..2021-05-10
This can be a bit misleading: a filter on a term such as adware returns results just fine, while a filter such as acknowledged does not yield the expected results. The reason is that for certain values, an attribute filter is required to search against that field's values. Best practice is to use the appropriate attribute filter when conducting searches in Red Canary.
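As an added illustration (not code from Red Canary's product or documentation), the following Python model reproduces the two filter behaviours described above: a bare term is only matched against free text, while an attribute filter such as published_at:2020-12-10..2021-05-10 is evaluated against the named field. The record fields, the sample threats and the matching rules are assumptions made for this demonstration.

```python
import re
from datetime import date

# Constructed sample records; field names are assumed, not Red Canary's schema.
THREATS = [
    {"id": 1, "published_at": date(2021, 1, 15), "status": "acknowledged",
     "classification": "adware", "summary": "Adware bundle observed on WS-01"},
    {"id": 2, "published_at": date(2020, 11, 2), "status": "remediated",
     "classification": "malware", "summary": "Credential theft tooling"},
    {"id": 3, "published_at": date(2021, 4, 30), "status": "open",
     "classification": "adware", "summary": "Browser extension adware"},
]

# start..end date range, as used on the page
RANGE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\.\.(\d{4}-\d{2}-\d{2})$")


def parse_filter(text):
    """Split 'attribute:value' into (attribute, value); a bare term has attribute None."""
    attr, sep, value = text.partition(":")
    return (attr, value) if sep else (None, text)


def matches(record, text):
    """Assumed rules: bare terms search free text only; attribute filters search the field."""
    attr, value = parse_filter(text)
    if attr is None:
        # A bare date range is just a substring here, so it never hits a date field.
        return value.lower() in record["summary"].lower()
    if attr not in record:
        return False
    rng = RANGE_RE.match(value)
    if rng:
        lo, hi = (date.fromisoformat(s) for s in rng.groups())
        return isinstance(record[attr], date) and lo <= record[attr] <= hi
    return str(record[attr]) == value


def search(records, text):
    """Return the ids of records matching the filter string."""
    return [r["id"] for r in records if matches(r, text)]
```

Running search(THREATS, "2020-12-10..2021-05-10") returns no ids, while search(THREATS, "published_at:2020-12-10..2021-05-10") returns the two threats published in that window.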